Why was an alert deleted by the Splunk system?

New Member

Hello everyone,

I have a problem with an alert removed without a user's action.

When I join the Splunk logs...

splunk_server = "XXX" index=_audit  host=YourHostName action=alert_deleted

...I do not see deletion events which may have occurred? Is this some action of the system? How can I identify the cause of the deletion of the alert?

Tags (2)
0 Karma
Get Updates on the Splunk Community!

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...